Dave CROCKER wrote:
On 7/9/2010 4:32 AM, Hannes Tschofenig wrote:
The Fair Information Practices are a set of principles most of us are quite
likely to believe in, such as (copied from the Alissa's draft):
Likely, yes. But do any of us know how to translate those principles into
particular behaviors? Is it likely that any two of us will make the same
translation? What about enough of us to constitute rough consensus?
As I previously mentioned, "acceptable" means different things to
to improve things. Personally, I don't think so. Likely it will get
nice, it adds A LOT of wiggle room for lawyers. Most companies
privacy policies are created for the "cover your ass" (CYA) purpose
Going back to the Google example (because they made news several times here):
Excerpts from what they've posted:
We have 5 privacy principles that describe how we approach privacy
and user information across all of our products:
1. Use information to provide our users with valuable products and services.
2. Develop products that reflect strong privacy standards and practices.
3. Make the collection of personal information transparent.
4. Give users meaningful choices to protect their privacy.
5. Be a responsible steward of the information we hold.
applies to all of the products, services and websites offered by
Google Inc. or its subsidiaries or affiliated companies except
Policy); collectively, Googles services.
But the reality actually looks like this:
i.e. the government must step in to stop them from committing
large scale illegal privacy violations, because their own focus is
much more on their business model than on respect for the privacy of
the people about which they collect data.
I would be OK with consenting to very specific and explicit
PII usage scenarios within the IETF. But many "privacy policies"
I've come across are simple inacceptable to _me_. Probably every
"social networking site" out there, or businesses with ridiculous
policies, such as e.g. PayPal.
Ietf mailing list